Some third-party CAs, such as Thwate and Comodo Group's InstantSSL, offer free personal email certificates—an easy way to obtain certificates. And the certificates would already be signed by the issuer, which helps verify authenticity.
When it comes to using PKI for sending encrypted data through an email application, Secure MIME (S/MIME) is the specification that makes it happen. Outlook, Mozilla Thunderbird, and Apple Mail are only few of the email applications that support S/MIME. To send someone encrypted email (with or without file attachments), you need to have access to his or her public key.
To obtain someone's public key, you can look up key data in an LDAP server, as long as that person uses LDAP to publish the key. Alternatively, you can ask the person to send you a digital signed message; typically, S/MIME-enabled email clients will attach a copy of the public key when delivering the signed message to you. Or, you could simply ask the person to send you a message with the public key attached. You can then store the public key in your key-management interface, which should be available in your email client. (Outlook integrates with the Certificate Store built into Windows.) The public key will then be readily available when you need to use it.
Identity-based Encryption
Voltage Security has developed a new technology called identity-based encryption (IBE), which is similar to PKI but with an interesting twist. IBE uses a private key to decrypt content, but instead of using a typical public key to encrypt content, IBE uses a person's email address as the public key. This way, no one need be concerned about obtaining a person's public key before sending him or her encrypted data. All you need is the person's email address.
With IBE, a recipient's private key is stored on a key server. The recipient authenticates to the key server and obtains the private key, which he or she then uses to decrypt the message content. IBE technology works with Outlook, Outlook Express, Lotus Notes, PocketPC, and Research in Motion (RIM) BlackBerry. According to Voltage Security, IBE also works with any browser-based email system on nearly any OS. With all this flexibility, Voltage Security's solutions might be just what you're looking for.
As it turns out, FrontBridge Technologies uses IBE to facilitate secure encrypted email exchange. As you might already know, Microsoft acquired FrontBridge in July 2005 and intends to eventually integrate FrontBridge solutions with Exchange, possibly offering the combined technologies as a managed service in the relatively near future. So, if you and your partners' email systems are based on Exchange, keep an eye on potential developments.
Careful Consideration
There are many ways to transfer files securely over the Internet, and by far the easiest and most effective way to do so is by email. Of course, if your needs dictate that you must transfer a large number of files, adding up to a large amount of data, you might consider a different method.
Think about how many files you need to send, how large those files are, how often you need to send those files, who needs access to them, and how they will be stored at their destination. All these factors will help you determine the best way to transfer files.
If email turns out to be your best choice, keep in mind that many email servers and email clients can run scripts or perform certain actions based on rules when email arrives. By using these features, you can help automate the movement of your files both en route through mail servers and upon arrival into a mailbox.
Mark Joseph Edwards (mark@ntshop .net) is a senior contributing editor for Windows IT Pro and writes the weekly email newsletter Security UPDATE (http://www.windowsitpro.com/email). He is a network engineer and the author of Internet Security with Windows NT (29th Street Press).
Register
